search for: svitla5

Hai, ? Sorry for the late(r) reply but we all need to sleep also sometimes.? ;-) note, i saw its fixed, but i'll do comment a bit through your replies. ? ? mainly because of this part ? this part.? (Sended: monday 13 juli 2020 18:51) > net ads join -U administrator at SVITLA3.ROOM > Enter administrator at SVITLA3.ROOM's password: > Using short domain name -- SVITLA3 >

...NFSv4 kerberized. Whats used here, samba winbind libnss-pam libpam-winbind krb5-user (for the packages) thats all you need. Now your lines : Works Yes: Jul 16 11:23:48 uc-sssdlbox20 sshd[2048]: pam_sss(sshd:auth): authentication success; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.0.0.1 user=SVITLA5.ROOM\test01 Works Not: Jul 16 11:24:01 uc-sssdlbox20 sshd[2157]: Invalid user APEX.CORP\\jake from 10.0.0.1 port 62970 And i noticed this : OK: sshd[2048]: pam_sss(sshd:auth) Wrong: sshd[2157]: pam_unix(sshd:auth) I would gamble on these.. /etc sssd ? Somewhere, i really dont know, never...

...wrong setting in sssd, but i dont know sssd ) > I know this is one of your REALMs and not the domain. > > > Now your lines : > Works Yes: Jul 16 11:23:48 uc-sssdlbox20 sshd[2048]: pam_sss(sshd:auth): authentication success; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.0.0.1 user=SVITLA5.ROOM\test01 > Works Not: Jul 16 11:24:01 uc-sssdlbox20 sshd[2157]: Invalid user APEX.CORP\\jake from 10.0.0.1 port 62970 > And i noticed this : > OK: sshd[2048]: pam_sss(sshd:auth) > Wrong: sshd[2157]: pam_unix(sshd:auth) > > > ## Mapped ids from the domain SAMDOM and (...

...nt know sssd ) > > I know this is one of your REALMs and not the domain. > > > > > > Now your lines : > > Works Yes: Jul 16 11:23:48 uc-sssdlbox20 sshd[2048]: pam_sss(sshd:auth): > authentication success; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.0.0.1 > user=SVITLA5.ROOM\test01 > > Works Not: Jul 16 11:24:01 uc-sssdlbox20 sshd[2157]: Invalid user > APEX.CORP\\jake from 10.0.0.1 port 62970 > > And i noticed this : > > OK: sshd[2048]: pam_sss(sshd:auth) > > Wrong: sshd[2157]: pam_unix(sshd:auth) > > > > > > ##...

...oves this fact. I can access a file share located on trusted side by authenticated trusted account. I don't understand about this default mapping. How does it work in my case? As I understood mapping configuration in smb.conf it is based on realm names in krb5.conf. My krb5.conf includes only SVITLA5.ROOM realm. If I add appropriate mapping for APEX.CORP authentication doesn't work because krb5.conf doesn't know about APEX.CORP. If I add APEX.CORP to krb5.conf authentication process happens by different way without involving Samba DC. Probably I could configure krb5.conf in specific wa...

Point #1: is not correct. Why is Jake getting an ID from * Range and not APEX range. ? That need to be found first Run: net cache flush Restart samba. : systemctl restart smbd winbind nmbd (and/or sssd is you use that) wbinfo --all-domains -ug id jake getent passwd jake Any improvement? > if you have set: APEX:backend = ad Yes, and did you assign an UID/GID after you changed RID to